Re: Unable configure pgadmin on Google Cloud Run with SSL certs

Поиск
Список
Период
Сортировка
От Dave Page
Тема Re: Unable configure pgadmin on Google Cloud Run with SSL certs
Дата
Msg-id CA+OCxoyWOnRXfE+k-gAFCvz2D4WPi6+D2E=h6rm09eQENEVC3w@mail.gmail.com
обсуждение исходный текст
Ответ на Unable configure pgadmin on Google Cloud Run with SSL certs  (rossco <rosscoe.pico@gmail.com>)
Список pgadmin-support
Дерево обсуждения
Hi

On Tue, Apr 20, 2021 at 10:42 PM rossco <rosscoe.pico@gmail.com> wrote:
Hi,

I would like to know how I can use pgadmin with a database that requires SSL Certificates

The Problem
  • I am deploying pgadmin onto Google Cloud Run which does not allow mapped drives when starting the container
Urgh. That would make running PostgreSQL very painful! 
  • I have tried uploading the certificates via the pgadmin UI, however the key file has the wrong permissions and I am unable to change them
    • Error message says key file requires 0600 permissions
  • I have tried adding the certificates with a small modified Dockerfile, however the files end up in /pgadmin which I can not access from the UI
Simple Dockerfile to try and pre-load the certs

FROM dpage/pgadmin4
COPY client-cert.pem client-key.pem server-ca.pem ./

The storage root in the container is under /var/lib/pgadmin/storage/<username>, however the username has @ replaced with _, so on a simple deploy here with a username of user@domain.com, the path is:

/var/lib/pgadmin/storage/user_domain.com

Any files you place in there will be visible to the user@domain.com user account in the file dialog (including when selecting a certificate). You may need to add something like:

RUN chown pgadmin:pgadmin /var/lib/pgadmin/storage/user_domain.com/* && chmod 600 /var/lib/pgadmin/storage/user_domain.com/client-key.pem

to your wrapper dockerfile.
 
I can't look around the file system as I don't know the sudo password
$ docker exec -it b5ad237a7eee2873190087c0c132a21007b80c856d3aabf77119ae498683d892 sudo ls /

There isn't a sudo password - you shouldn't need to use sudo at all, e.g

$ docker exec -it naughty_ride /bin/sh
/pgadmin4 $ ls -al /var/lib/pgadmin/storage
total 12
drwxr-xr-x    3 pgadmin  pgadmin       4096 Apr 21 08:22 .
drwx------    4 pgadmin  pgadmin       4096 Apr 21 08:24 ..
drwx------    2 pgadmin  pgadmin       4096 Apr 21 08:24 user_domain.com
/pgadmin4 $ whoami
pgadmin
/pgadmin4 $ ls -al /etc | head -5
total 232
drwxr-xr-x    1 root     root          4096 Apr 21 08:17 .
drwxr-xr-x    1 root     root          4096 Apr 21 08:17 ..
-rw-r--r--    1 root     root             7 Apr 14 10:25 alpine-release
drwxr-xr-x    1 root     root          4096 Apr 19 12:01 apk

--

В списке pgadmin-support по дате отправления:

Предыдущее
От: rossco
Дата:
Сообщение: Unable configure pgadmin on Google Cloud Run with SSL certs
Следующее
От: Akshay Joshi
Дата:
Сообщение: pgAdmin 4 v5.2 Released